Abstract

Linear logic Concurrent Constraint programming (LCC) is an extension of concurrent
constraint programming (CC) where the constraint system is based on Girard's linear logic
instead of the classical logic. In this paper we address the problem of program equivalence
for this programming framework. For this purpose, we present a structural operational
semantics for LCC based on a labeled transition system and investigate different notions
of observational equivalences inspired by the state of the art of process algebras. Then, we
demonstrate that the asynchronous π-calculus can be viewed as simple syntactical
restrictions of LCC. Finally we show LCC observational equivalences can be transposed
straightforwardly to classical Concurrent Constraint languages and Constraint Handling
Rules, and investigate the resulting equivalences.
1 Introduction

The class of Concurrent Constraint languages (briefly, CC) (Saraswat and Rinard
1990) was introduced as a generalization of concurrent logic programming (Maher
1987) with constraint logic programming (Jaffar and Lassez 1987). Nonetheless it
has strong similarities with more classical models of concurrency such as the Calculus
of Communicating Systems (CCS), the Chemical Abstract Machine (CHAM),
or the π-calculus. For example, its semantics has been originally expressed by process
algebras similar to CCS (Saraswat and Rinard 1990) or later in the style of
the CHAM (Fages et al. 2001). Furthermore, it generalizes the Actor model (Kahn
and Saraswat 1990) and possesses the phenomenon of channel mobility of the
π-calculus (Laneve and Montanari 1992).

Nonetheless, any CC language differs from the usual models of concurrency because
it relies on a constraint system for specifying relationship (entailment) between
messages (constraints), which confers to it a "monotonic" essence. Indeed,
in CC, processes can only add information by posting constraints or checking that
enough information is available to entail a guard. Linear logic CC languages (briefly,
LCC) (Saraswat and Lincoln 1992) have been introduced as a generalization of CC
in which processes can consume information by means of the ask operation, hence
breaking the monotonicity of CC. The main idea of this extension is to view the
constraint system as a theory of Girard's linear logic (Girard 1987) instead of a
classical logic theory. It results in a simple framework that unifies constraint
programming and asynchronous process algebras.

* A version of the paper including the proofs is available as technical report (Haemmerle 2011).

Since the beginning of the nineties, the semantic foundations of LCC have been
well studied (see for instance (Best et al. 1997; Ruet and Fages 1997; Fages et al.
2001; Haemmerle et al. 2007)), but surprisingly the formal comparison with classical
models of concurrency has received little attention. Indeed, during the same
period, the use of constraints in the context of concurrency seems to have received
more than a little attention. For instance, the fusion calculus (Parrow and Victor
1998) introduced at the end of the nineties can be viewed as a generalization of
the π-calculus with unification constraints. Several hybrid process algebras with
constraint mechanisms have also been proposed (see for example (Diaz et al. 1998;
Gilbert and Palamidessi 2000; Buscemi and Montanari 2007)).

In this paper, we investigate observational equivalence for LCC. Here, we under- 
stand observational equivalence in a broad sense: two processes are observationally 
equivalent if, in any environment, an external observer cannot possibly tell the dif- 
ference when one process is unplugged and the other one plugged in. In order to 
provide a relevant instantiation for this intuitive definition, it is necessary to take 
into account the execution paradigm in which the processes will be considered. 
Indeed, in CC frameworks there typically exist two possible execution paradigms: 
the "backtracking" paradigm (from logic programs), which allows reversible execu- 
tions, and the "committed choice" paradigm (from process algebras), which does 
not. In the following, we propose the may testing equivalence and the barbed con- 
gruence, as natural instances of observable equivalence for LCC when considered in 
these respective paradigms. We also propose the logical equivalence and the labelled
bisimulation, which will provide simpler characterizations of the two former notions.

In order to define such equivalences, we will look at LCC from a point of view 
slightly different from the classical one: Here constraints are not posted into a 
central blackboard anymore, but they are processes that can migrate, merge, and 
emit as message a part of the information they represent; meanwhile, ask processes 
just wait for messages that "logically" match their guards. Hence, it is possible to 
express the operational semantics of LCC by an elegant labeled transition system 
(briefly, LTS). We then show that the asynchronous π-calculus can be viewed as a
sub-calculus of LCC, and that the usual π-calculus observational equivalences are
particular instances of the ones of LCC. Finally, we investigate particular properties
of LCC observational equivalences, when they are transposed into classical CC and
Constraint Handling Rules (CHR).

2 A process calculi semantics for Linear Logic CC

In this paper, we assume given a denumerable set $V$ of variables, a denumerable
set $\Sigma_c$ of predicate symbols (denoted by $\gamma$), and a denumerable set $\Sigma_f$ of function
and constant symbols. First order terms built from $V$ and $\Sigma_f$ will be denoted by $t$.
Sequences of variables or terms will be denoted by bold face letters such as $\mathbf{x}$ or $\mathbf{t}$.
For an arbitrary formula $A$, $\mathrm{fv}(A)$ denotes the set of free variables occurring in $A$,
and $A[\mathbf{x}\backslash\mathbf{t}]$ represents $A$ in which the occurrences of variables $\mathbf{x}$ have been replaced
by terms $\mathbf{t}$ (with the usual renaming of bound variables, avoiding variable clashes).

2.1 Syntax

In this section, we give a presentation of LCC languages where declarations are
replaced by replication of guarded processes. Indeed, replicated asks generalize usual
declarations to closures with environment represented by the free variables in the
ask (Haemmerle et al. 2007). In LCC, we distinguish four syntactical categories as
specified by the following grammar:

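$$
\begin{array}{rcll}
c & ::= & 1 \;\mid\; 0 \;\mid\; \gamma(\mathbf{t}) \;\mid\; c \otimes c \;\mid\; \exists x.c \;\mid\; {!c} & \text{(constraints)} \\
\alpha & ::= & \tau \;\mid\; c \;\mid\; (\mathbf{x})\overline{c} & \text{(LCC-actions)} \\
G & ::= & \forall\mathbf{x}(c \to P) \;\mid\; G + G & \text{(LCC-guards)} \\
P & ::= & \overline{c} \;\mid\; P | P \;\mid\; \exists x P \;\mid\; {!G} \;\mid\; G & \text{(LCC-processes)}
\end{array}
$$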

Constraints are formulas built from terms, constraint symbols, and the logical
operators: $1$ (true), $0$ (false), the conjunction ($\otimes$), the existential quantifier ($\exists$), and
the modality ($!$). The three kinds of actions are the silent action $\tau$, the input action
$c$, which represents a constraint for which a process waits, and the output action
$(\mathbf{x})\overline{c}$ ($\mathbf{x}$ being the variables extruded by the action), which represents the constraint
posted by a process. The order of the extruded variables in an output message is
irrelevant, hence if $\mathbf{y}$ is a permutation of the sequence $\mathbf{x}$, we will consider $(\mathbf{x})\overline{c}$ equal
to $(\mathbf{y})\overline{c}$. In LCC-processes, an overlined constraint $\overline{c}$ stands for asynchronous tell,
$|$ for parallel composition, $\exists$ for variable hiding, $\to$ for blocking ask, $+$ for guarded
choice, and $!$ for replication. As one can see, the syntax for LCC-processes does not
include specific construction for the null process. Indeed, this latter can be emulated
by the trivial constraint $1$, which represents no information.

For convenience, if $\mathbf{x}$ is empty, we will abbreviate $\forall\mathbf{x}(c \to P)$ and $(\mathbf{x})\overline{c}$ as $c \to P$
and $\overline{c}$, respectively. $\exists\mathbf{x} A$ will be a notation for $\exists x_1 \ldots \exists x_n A$ if $A$ is a constraint
or an LCC-process and $\mathbf{x}$ is the sequence of variables $x_1 \ldots x_n$. Moreover, for any
finite multiset of processes $\{P_1, \ldots, P_n\}$, we will use $\prod_{i=1}^{n} P_i$ as abbreviation for
$P_1 | \cdots | P_n$. As usual, the existential and universal quantifiers in constraints and
LCC-processes are considered as variable binders. Conventionally, we consider the
variables $\mathbf{x}$ as free in any action of the form $(\mathbf{x})\overline{c}$. We use $\mathrm{ev}(\alpha)$ as an abbreviation
for the extruded variables of $\alpha$ (i.e. $\mathrm{ev}(\alpha) = \mathbf{x}$ if $\alpha$ is an action of the form $(\mathbf{x})\overline{c}$,
$\mathrm{ev}(\alpha) = \emptyset$ otherwise).

LCC languages are parametrized by a (linear) constraint system, which is a pair
$(\mathcal{C}, \Vdash_{\mathcal{C}})$ where $\mathcal{C}$ is the set of all constraints and $\Vdash_{\mathcal{C}}$ is a subset of $\mathcal{C} \times \mathcal{C}$ which defines
the non-logical axioms of the system. For a given constraint system $(\mathcal{C}, \Vdash_{\mathcal{C}})$, the
entailment relation $\vdash_{\mathcal{C}}$ is the smallest relation containing $\Vdash_{\mathcal{C}}$ and closed by the
rules of intuitionistic linear logic. We will use the notation $A \dashv\vdash_{\mathcal{C}} B$ to mean that
both sequents $A \vdash_{\mathcal{C}} B$ and $B \vdash_{\mathcal{C}} A$ hold.

In this paper, we are interested in studying classes of LCC processes obtained by 
syntactical restrictions on the constraints that they can use. These restrictions will 
p = p' p'^Q' Q' = Q p\G^Q 

^'^""^^ nO+G') ^ Q ^^""^^ 

P^cP' ev(a)nfv(Q) = P Q y ^Ha) 

P\Q^cP'\Q 3yP^c^yQ 

c he 3x(d 8) e) 3xfi he 3x'd' xx' n fv(c) = 

c' he 3x(d' ® e) is a most general choice P ^^^°> e Q 



(x')d' zi n (y^')'^, r\ 

c he 3y(d[x\t] e) y n fv(c, d, A) = 

3y(d[x\t] (g) e) is a most general choice — c _ , 

- (C-sync) 1 — >-c c (C-in) 



c|Vx(d^ A) 3y.(^[x\t]|e) 



Table 1. Labeled transition system for Linear Logic CC 



simulate the power of the observer in LCC sub-calculi and/or the visibility limitations
imposed by ad-hoc scope mechanisms such as module systems. In practice,
they will be specified by means of two subsets of $\mathcal{C}$ that will limit the possible
constraints a process can respectively ask or tell. Formally, for all subsets $\mathcal{D}$ and $\mathcal{E}$,
we say that a process $P$ is $\mathcal{D}$-ask restricted (resp. $\mathcal{E}$-tell restricted) if it is obtained
by the grammar for processes where any ask $\forall\mathbf{x}(c \to P)$ (resp. any tell $\overline{c}$) satisfies
$(\exists\mathbf{x}.c) \in \mathcal{D}$ (resp. $c \in \mathcal{E}$). More generally, we say that $P$ is a $\mathcal{DE}$-process if $P$ is both
$\mathcal{D}$-ask and $\mathcal{E}$-tell restricted.



2.2 Operational semantics 

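In Table 1, we define, for a given constraint system $(\mathcal{C}, \Vdash_{\mathcal{C}})$, the operational
semantics of LCC by means of an LTS. As usual in process algebras, this semantics uses a
structural congruence. This congruence, noted $\equiv_{\mathcal{C}}$, is defined as the smallest
equivalence satisfying $\alpha$-renaming of bound variables, commutativity and associativity
for parallel composition, summation, and the following identities:

$$
P \mid \overline{1} \equiv_{\mathcal{C}} P
\qquad \exists x.\overline{1} \equiv_{\mathcal{C}} \overline{1}
\qquad \exists x \exists y P \equiv_{\mathcal{C}} \exists y \exists x P
\qquad {!P} \equiv_{\mathcal{C}} P \mid {!P}
$$

$$
\frac{c \otimes d \dashv\vdash_{\mathcal{C}} e}{\overline{c} \mid \overline{d} \equiv_{\mathcal{C}} \overline{e}}
\qquad \frac{P \equiv_{\mathcal{C}} P'}{P \mid Q \equiv_{\mathcal{C}} P' \mid Q}
\qquad \frac{z \notin \mathrm{fv}(P)}{P \mid \exists z Q \equiv_{\mathcal{C}} \exists z (P \mid Q)}
\qquad \frac{P \equiv_{\mathcal{C}} P'}{\exists x.P \equiv_{\mathcal{C}} \exists x.P'}
$$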

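The side condition "$c \vdash_{\mathcal{C}} \exists\mathbf{y}(d[\mathbf{x}\backslash\mathbf{t}] \otimes e)$ is a most general choice" is a reasonable
restriction, which guarantees that the transition does not weaken constraints within a
process as the logical entailment can do (for instance, we want to avoid entailments
such as ${!c} \vdash_{\mathcal{C}} c \otimes 1$). It can be defined as: for any constraint $e'$, all terms $\mathbf{t}'$
and all variables $\mathbf{y}'$, if $c \vdash_{\mathcal{C}} \exists\mathbf{y}'(d[\mathbf{x}\backslash\mathbf{t}'] \otimes e')$ and $\exists\mathbf{y}' e' \vdash_{\mathcal{C}} \exists\mathbf{y} e$ hold, then so do
$\exists\mathbf{y}\, d[\mathbf{x}\backslash\mathbf{t}] \vdash_{\mathcal{C}} \exists\mathbf{y}'\, d[\mathbf{x}\backslash\mathbf{t}']$ and $\exists\mathbf{y} e \vdash_{\mathcal{C}} \exists\mathbf{y}' e'$. In the constraint systems we will consider
in this article, such a deduction is always possible.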

The notion of weak transition is defined classically: 

(P Q) (P Q) (P Q) M (P ^c^c^l Q) (for a^r) 
In the asynchronous context of this paper, it seems natural to restrict the observation
to outputs. As argued by Amadio et al. (1998), the intuition is that an observer
cannot know that a message he has sent has been actually received. Moreover, since
an observer has no way of knowing if the execution of a particular process is terminated
unless he receives a programmed acknowledgment, we will disregard classical
(L)CC observables which deal with termination such as success stores (Saraswat
et al. 1991; Fages et al. 2001), and consider only accessible constraints (Haemmerle
et al. 2007). Formally, for any set $\mathcal{D} \subset \mathcal{C}$, the set of $\mathcal{D}$-accessible constraints for a
process $P$ is defined as:

$$
\mathcal{O}^{\mathcal{D}}(P) = \left\{ (\exists\mathbf{x}.c) \in \mathcal{D} \;\middle|\; \text{there exists } P' \text{ such that } P \stackrel{\tau}{\Rightarrow}_{\mathcal{C}} \exists\mathbf{x}.(P' \mid \overline{c}) \right\}
$$

The semantics we propose has important links with the one defined by Best et al.
(1997) but it is in some important aspects more general. In particular, the language
we consider provides replication and explicit operators for both universal and existential
quantifications, all of which are important features. Indeed, on the one hand
replication and existential quantification are crucial to internalize declarations and
closures in processes (Haemmerle et al. 2007); while, on the other hand universal
quantification cannot be emulated by tell processes in every constraint system,
especially linear ones (Fages et al. 2001). Another difference is that our system uses the
asynchronous input rule as initially proposed by Honda and Yoshida (1995) for the
π-calculus. This rule, which allows an observer to do any input action at any time,
is not designed to be observed directly but rather to simplify bisimulation-based
definitions within asynchronous frameworks (Amadio et al. 1998).

Example 2.1 (Dining philosophers)

As suggested by Best et al. (1997), the dining philosophers problem has an extremely
simple solution in LCC. Here is an adaptation of the solution proposed by
Ruet and Fages (1997). The atomic constraints are frk(i) and eat(j) for $i, j \in \mathbb{N}$,
and $\vdash_{\mathcal{C}}$ is the trivial entailment relation. Assuming the following encoding for
the $i$-th philosopher among $n$, a solution for the problem consists of the process

$$
P_i^n = {!}\Big(\mathrm{frk}(i) \otimes \mathrm{frk}(i{+}1 \bmod n) \to \big(\overline{\mathrm{eat}(i)} \mid \mathrm{eat}(i) \to (\overline{\mathrm{frk}(i)} \mid \overline{\mathrm{frk}(i{+}1 \bmod n)})\big)\Big)
$$

This solution suffers neither deadlock nor starvation problems: the system can always
advance to a different state, and at least one philosopher will eventually eat.



2.3 Logical semantics 

In this section, we show that the results of logical semantics from LCC (Fages et al.
2001; Haemmerle et al. 2007) can be shifted to the version of LCC we propose in this
paper. It will provide us with a powerful tool to reason about processes. It is worth
noting that the logical semantics proposed here is slightly different from the usual
one, since it uses an additional conjunction with $\top$. As shown by the next theorem,
this modification is harmless when regarding accessible constraints, but yields a
more relevant notion of equivalence. (Refer to the discussion in Sect. 3.1.) Note the
conjunction with $\top$ is not necessary in case of translation of a parallel composition
and hiding, since it commutes with $\otimes$ and $\exists$ (i.e. $(A \otimes \top) \otimes (B \otimes \top) \dashv\vdash_{\mathcal{C}} A \otimes B \otimes \top$
and $\exists x(A \otimes \top) \dashv\vdash_{\mathcal{C}} \exists x(A) \otimes \top$).

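Definition 2.2

Processes are translated into linear logic formulas as follows:

$$
\begin{array}{lll}
\overline{c}^{\dagger} = c \otimes \top & (P \mid Q)^{\dagger} = P^{\dagger} \otimes Q^{\dagger} & (P + Q)^{\dagger} = (P^{\dagger} \mathbin{\&} Q^{\dagger}) \otimes \top \\
({!P})^{\dagger} = {!(P^{\dagger})} \otimes \top & (\exists x P)^{\dagger} = \exists x P^{\dagger} & (\forall\mathbf{x}(c \to P))^{\dagger} = \forall\mathbf{x}(c \multimap P^{\dagger}) \otimes \top
\end{array}
$$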

Theorem 2.3 (Logical semantics)

For any process P and any set V of linear constraints, 0'^{P) = {d e P | he d^} . 

3 Observational equivalence relations for Linear logic CC 

In this section, we propose some equivalence relations for LCC-processes.

An important property of processes related by equivalences is their dependence 
on the environment. More precisely, two equivalent processes must be indistinguish- 
able by an observer in any context (i.e. equivalences must be congruences). Formal 
contexts, written C[], are processes with a special constant [], the hole. Putting 
a term P into the holes of a context C[] gives the term noted C[P]. In practice, 
we define all our congruences for evaluation contexts (Fournet and Gonthier 2005), 
a particular class of contexts where the hole occurs exactly once and not under a 
guard nor a replication. These contexts, also called static contexts (Milner 1989), 
describe environments that can communicate with an observed process and filter 
its messages but can neither substitute variables of the process nor replicate it. In 
this paper, without explicit statement of the contrary, all congruence properties 
will refer to these contexts only. In particular, we will use the terminology "full 
congruence" to refer to the congruence with respect to arbitrary contexts. In the 
framework of LCC, $\mathcal{DE}$-contexts and $\mathcal{DE}$-congruence will refer to evaluation contexts
and congruence built from $\mathcal{DE}$-processes.

3.1 Logical equivalence 

Strictly speaking, the first notion of equivalence we consider is not observational, 
but stems naturally from the logical semantics of the language. Indeed, the logical 
semantics ensures that processes with logically equivalent translations have the 
same accessible constraints. This notion of equivalence is especially interesting since
it can be proved using automated theorem provers such as llprover (Tamura 1998).

Definition 3.1 (Logical equivalence)

The (weak) logical equivalence on LCC-processes is defined as: 

P cw>c Q <^ PUhcQ^ 

We call this equivalence "weak" because it is strictly less discriminating than
the one we would obtain using usual logical semantics of LCC. Nonetheless, the
present definition is more relevant since it does not distinguish Girard's exponential
connective, noted ! in Linear Logic, from Milner's replication, noted also ! in process
algebras. Indeed, for any linear logic formula $A$, ${!A} \otimes A \otimes \top \dashv\vdash {!A} \otimes \top$ holds, whereas
${!A} \otimes A \dashv\vdash {!A}$ does not. The proposition we give next states that the use of $\top$ does
not break the congruence property of logical equivalence.

Proposition 3.2 

Weak logical equivalence is a full congruence. 

3.2 May-testing equivalence 

The following equivalence relates to testing semantics (Nicola and Hennessy 1984). 
We argue that this relation provides a canonical notion of observational equivalence 
for LCC if considered within the "backtracking" execution paradigm. Indeed, it is 
defined as the largest congruence that respects accessible constraints. For the sake 
of generality, we define may-testing in a parametric way according to input/output
filters.

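Definition 3.3 (May-testing equivalence)

Let $\mathcal{D}$ and $\mathcal{E}$ be two subsets of $\mathcal{C}$. The may $\mathcal{DE}$-testing, $\simeq_{\mathcal{DE}}$, is the largest
$\mathcal{DE}$-congruence that respects $\mathcal{D}$-accessible constraints, formally:

$P \simeq_{\mathcal{DE}} Q \iff$ for any evaluation $\mathcal{DE}$-context $C[\,]$, $\mathcal{O}^{\mathcal{D}}(C[P]) = \mathcal{O}^{\mathcal{D}}(C[Q])$.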

Quite naturally, logical equivalence implies any may testing equivalence relation.
One can use logical semantics and Prop. 3.2 to demonstrate it. It is worth noting
that the inclusion is strict. For instance, the processes $c \to \exists x.P$ and $\exists x.(c \to P)$,
where $x$ is free in $P$ and not in $c$, are clearly equivalent with respect to any may
testing equivalence but are not logically equivalent in linear logic.

Example 3.4

Contrary to the processes in Ex. 2.1, the following implementation for the $i$-th dining
philosopher does not use atomic consumptions of constraint conjunctions:

$$
Q_i^n = {!}\Big(\mathrm{frk}(i) \to \big(\mathrm{frk}(i{+}1 \bmod n) \to \big(\overline{\mathrm{eat}(i)} \mid \mathrm{eat}(i) \to (\overline{\mathrm{frk}(i)} \mid \overline{\mathrm{frk}(i{+}1 \bmod n)})\big)\big)\Big)
$$

Although the solutions built with such philosophers face deadlock and starvation
problems, the two implementations of philosopher cannot be distinguished by may-testing
(i.e. for all $i, n \in \mathbb{N}$, $P_i^n \simeq_{\mathcal{CC}} Q_i^n$). Note that in the "backtracking" execution
paradigm there is no reason to distinguish such processes. Indeed, the possibility of
reversing executions makes deadlocks invisible from an external point of view.
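
The contrast between Ex. 2.1 and Ex. 3.4, as an added example that is not part of the paper: a small explorer for ground atomic constraints with trivial entailment (all function names are hypothetical) enumerates every state reachable from a table holding n forks. It shows that both encodings make the same atomic constraints accessible in this context, while only the two-step encoding reaches a state where no ask can fire. Agreement in this single context is a consequence of may-testing equivalence, not a proof of it.

```python
from collections import Counter, deque

# An ask is a pair (guard, body).
#   guard: tuple of atoms that are consumed atomically from the store.
#   body:  tuple of items, each either an atom (a tell) or a nested ask.
# Atoms are (name, index) pairs such as ("frk", 0).

def release(i, n):
    """eat(i) -> (tell frk(i) | tell frk(i+1 mod n))"""
    return ((("eat", i),), (("frk", i), ("frk", (i + 1) % n)))

def atomic_philosopher(i, n):
    """Replicated ask of Ex. 2.1: both forks are consumed by one ask."""
    guard = (("frk", i), ("frk", (i + 1) % n))
    return (guard, (("eat", i), release(i, n)))

def two_step_philosopher(i, n):
    """Replicated ask of Ex. 3.4: the forks are consumed by two nested asks."""
    second = ((("frk", (i + 1) % n),), (("eat", i), release(i, n)))
    return ((("frk", i),), (second,))

def canon(store, pending):
    """Hashable, order-independent form of (store multiset, pending asks)."""
    return (tuple(sorted(store.elements())), tuple(sorted(pending, key=repr)))

def fire(store, pending, ask):
    """Consume the guard, then add the told atoms and the spawned asks."""
    guard, body = ask
    new_store = store - Counter(guard)
    new_pending = list(pending)
    for item in body:
        if isinstance(item[0], str):      # an atom: asynchronous tell
            new_store[item] += 1
        else:                             # a nested ask waiting for its guard
            new_pending.append(item)
    return canon(new_store, new_pending)

def successors(state, replicated):
    store_t, pending = state
    store = Counter(store_t)

    def enabled(ask):
        return all(store[a] >= k for a, k in Counter(ask[0]).items())

    # A replicated ask stays available after firing; a pending one is used up.
    out = [fire(store, pending, a) for a in replicated if enabled(a)]
    for k, a in enumerate(pending):
        if enabled(a):
            out.append(fire(store, pending[:k] + pending[k + 1:], a))
    return out

def explore(make_philosopher, n):
    """Return (atoms seen in some reachable store, states with no transition)."""
    replicated = [make_philosopher(i, n) for i in range(n)]
    start = canon(Counter(("frk", i) for i in range(n)), [])
    seen, queue = {start}, deque([start])
    accessible, deadlocks = set(), []
    while queue:
        state = queue.popleft()
        accessible.update(state[0])
        nxt = successors(state, replicated)
        if not nxt:
            deadlocks.append(state)
        for s in nxt:
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return accessible, deadlocks

if __name__ == "__main__":
    for name, make in (("Ex. 2.1", atomic_philosopher),
                       ("Ex. 3.4", two_step_philosopher)):
        acc, dead = explore(make, 3)
        print(name, sorted(acc), "deadlocked states:", len(dead))
```

The state space is finite because every pending ask holds at least one of the n forks.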

3.3 Labeled Bisimulation 

In the framework of process algebra, bisimulation-based equivalence relations are
the most commonly used notion of equivalence. Contrary to the may-testing equivalences
and the barbed congruences presented in the following, the labeled bisimulation
proofs do not require explicit context closure. Indeed, as Thm. 3.6 shows,
congruence is not a requirement but a derived property. Hence, the proofs can be
established by coinduction, by considering only few steps. As we have done for
may-testing, our definition of bisimulation is parametrized by input/output filters.
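Definition 3.5 (Labeled bisimulation)

Let $\mathcal{D}$ and $\mathcal{E}$ be two subsets of $\mathcal{C}$. An action is $\mathcal{DE}$-relevant for a process $Q$ if it is
either a silent action, or an input action in $\mathcal{E}$, or an output action of the form $(\mathbf{x})\overline{c}$
with $(\exists\mathbf{x}.c) \in \mathcal{D}$ and $\mathbf{x} \cap \mathrm{fv}(Q) = \emptyset$. A symmetrical relation $\mathcal{R}$ is a $\mathcal{DE}$-bisimulation
if for all $P$, $P'$, $Q$, $\alpha$ such that $P \mathrel{\mathcal{R}} Q$, $P \xrightarrow{\alpha}_{\mathcal{C}} P'$, and $\alpha$ is $\mathcal{DE}$-relevant for $Q$, there
exists $Q'$ such that $Q \stackrel{\alpha}{\Rightarrow}_{\mathcal{C}} Q'$ and $P' \mathrel{\mathcal{R}} Q'$. The largest $\mathcal{DE}$-bisimulation is called
$\mathcal{DE}$-bisimilarity and is denoted with $\approx_{\mathcal{DE}}$.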

Theorem 3.6

For all sets of constraints $\mathcal{D}$ and $\mathcal{E}$, the $\mathcal{DE}$-bisimilarity is a $\mathcal{DE}$-congruence.

3.4 Barbed congruence 

Barbed bisimulation has been introduced by Milner and Sangiorgi (1992) as a
uniform way to describe bisimulation-based equivalences for any calculus. From the
definition of observables we give in Sect. 2.2, we derive a notion of barbed bisimulation
in the standard way. As with many other barbed bisimulations, the obtained
equivalence is too rough. For example, no barbed bisimulation distinguishes between
processes $1$ and $c \to P$ (with c), which exhibit clearly different behaviours when
they are put in parallel with a constraint stronger than $c$. For this reason, we refine
our bisimulation by enforcing congruence property following Fournet and Gonthier
(2005). The resulting relation yields an instance of the intuitive notion of observational
equivalence for LCC considered within the "committed-choice" paradigm.

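Definition 3.7 (Barbed congruence)

Let $\mathcal{D}$ and $\mathcal{E}$ be two subsets of $\mathcal{C}$. A symmetrical relation $\mathcal{R}$ is a $\mathcal{DE}$-barbed bisimulation
if for all $P$, $P'$, $Q$ such that $P \mathrel{\mathcal{R}} Q$, and $P \xrightarrow{\tau}_{\mathcal{C}} P'$, then there exists $Q'$ such
that $\mathcal{O}^{\mathcal{D}}(P) \subseteq \mathcal{O}^{\mathcal{D}}(Q)$, $Q \stackrel{\tau}{\Rightarrow}_{\mathcal{C}} Q'$ and $P' \mathrel{\mathcal{R}} Q'$. The barbed $\mathcal{DE}$-congruence, written
$\cong_{\mathcal{DE}}$, is the largest $\mathcal{DE}$-congruence that is a $\mathcal{DE}$-barbed bisimulation.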

Clearly, barbed $\mathcal{DE}$-congruence is more precise than may $\mathcal{DE}$-testing equivalence.
It is worth noting that it is in general strictly distinct from logical equivalence.
For instance, $c \to \exists x.P$ and $\exists x.(c \to P)$ are $\mathcal{CC}$-barbed congruent but not logically
equivalent, while $c \to d \to 1$ and $c \otimes d \to 1$ are logically equivalent but not barbed
congruent. In general, direct proofs of barbed congruence are tedious since they
require explicit context closure. Fortunately, the barbed congruence coincides with
labeled bisimulation. Barbed congruence can therefore be established by simpler
proofs based on the coinductive principle of labeled bisimulation.

Theorem 3.8

For all sets of constraints $\mathcal{D}$ and $\mathcal{E}$, $\cong_{\mathcal{DE}}$ and $\approx_{\mathcal{DE}}$ coincide.

Example 3.9

The encoding of philosophers proposed in the two previous examples cannot be
distinguished by may-testing. Nonetheless their behavior can be separated by barbed
congruence. For instance, one can disprove $P_i^n \cong_{\mathcal{CC}} Q_i^n$. The following implementation
refines the one of Ex. 3.4 by allowing a philosopher to put back the first fork
he takes:
R"=\\f-rY{i)^ (^frk('t) + frk('t+l mod n)^ (^eat(i) |eat (i) ^ (^f rk(i)|frk(j+l mod 

Although solutions built with this latter implementation of philosophers still face
starvation problems, the external behaviour of these philosophers cannot be distinguished
anymore from the ones of Ex. 2.1, i.e. $P_i^n \cong_{\mathcal{CC}} R_i^n$ for any $i, n \in \mathbb{N}$.



4 LCC a natural generalization of asynchronous calculi

In this section, we show that the LCC language generalizes the asynchronous π-calculus.
The asynchronous π-calculus is a variant of the π-calculus where the emission is
non-blocking. In practice, it is obtained by a simple syntactical restriction prohibiting
output prefixing.

We briefly recall the syntax of the asynchronous 7r-calculus. Our notations and 
definitions are mostly standard. For convenience, we will use a denumerable subset 
of LCC variables as channel names. In this language, three syntactical categories 
are distinguished as specified by the following grammar: 

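$$
\begin{array}{rcll}
\alpha & ::= & \tau \;\mid\; \overline{x}y \;\mid\; x(y) \;\mid\; (y)\overline{x}(y) & (\pi\text{-actions}) \\
G & ::= & \tau.P \;\mid\; x(y).P \;\mid\; {!P} & (\pi\text{-guards}) \\
P & ::= & 0 \;\mid\; \overline{x}y \;\mid\; P | P \;\mid\; \nu x P \;\mid\; G & (\pi\text{-processes})
\end{array}
$$

A π-calculus process (or π-process for short) is one of the following: the null process
$0$, the silent prefix $\tau.P$, the message reception $x(y).P$, the asynchronous emission
$\overline{x}y$, the parallel composition of processes $P | Q$, the replication of processes ${!P}$, or
the scope restriction $\nu y P$.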

In this section, we assume the notion of reduction, which we write $\to$, the may
testing equivalence, which we write $\simeq_\pi$, the labeled bisimulation, which we write
$\approx_\pi$, and the barbed congruence, which we write $\cong_\pi$, as defined by Fournet and
Gonthier (2005). We propose now a very simple interpretation of the asynchronous
π-calculus into LCC following the preliminary ideas of Soliman (Soliman 2003).

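Definition 4.1 (LCC interpretation of the asynchronous π-calculus)

Let $\mathcal{C}_\pi$ be the trivial constraint system (i.e. a constraint system without non-logical
axioms), based on the predicate alphabet $\Sigma_c = \{\gamma\}$. The LCC-interpretation $[\![\,]\!]$
of π-actions and π-processes is defined recursively as:

$$
\begin{array}{llll}
[\![\tau]\!] = \tau & [\![\overline{x}y]\!] = \overline{\gamma(x,y)} & [\![x(y)]\!] = \gamma(x,y) & [\![(y)\overline{x}(y)]\!] = (y)\overline{\gamma(x,y)} \\
[\![0]\!] = \overline{1} & [\![\overline{x}z]\!] = \overline{\gamma(x,z)} & [\![\tau.P]\!] = 1 \to [\![P]\!] & [\![x(y).P]\!] = \forall y(\gamma(x,y) \to [\![P]\!]) \\
[\![{!P}]\!] = {!}[\![P]\!] & [\![\nu x P]\!] = \exists x [\![P]\!] & [\![P | Q]\!] = [\![P]\!] \mid [\![Q]\!] &
\end{array}
$$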

It can be noted that this mapping is completely compositional and does not
need fresh names. Furthermore, the replacement of declarations by replicated asks
leads to a translation where each construct of the π-calculus is mapped to a unique
construct of LCC. In fact, we can consider this interpretation enforces a syntactical
restriction on LCC processes, by allowing synchronization only on constraints of
the form $\exists y.\gamma(x,y)$. Formally, assuming $\mathcal{D}_\pi = \{1\} \cup \{\exists y.\gamma(x,y) \mid x, y \in V \wedge x \neq y\}$
and $\mathcal{E}_\pi = \{1\} \cup \{\gamma(x,y) \mid x, y \in V\}$, the co-domain of $[\![\,]\!]$ is precisely the set of
$\mathcal{D}_\pi\mathcal{E}_\pi$-processes. Furthermore, the following results ensure that there is a one-to-one
correspondence between transitions of the two formalisms.
Theorem 4.2

P^^Qii and only if [P^ ^c, [OL- 

The theorem and the simplicity of the interpretation emphasize that the π-calculus
is syntactically and semantically a subcalculus of LCC. The only transition
of LCC that is not captured by the π-calculus semantics is the simultaneous emission
of messages (i.e. a constraint of the form $\gamma(x_1, y_1) \otimes \cdots \otimes \gamma(x_n, y_n)$). We argue that
observing simultaneous emission is not relevant in asynchronous context where
the observer has no way of knowing the order in which the messages have been
emitted. In fact, the LCC constraint system makes messages behave similarly to
molecules within the CHAM (i.e. messages can combine by "cooling" and dissociate
by "heating" (Berry and Boudol 1992)).
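
Definition 4.1 and the transition correspondence discussed above, as an added example that is not part of the paper: the interpretation is written as a function on tuple-encoded terms, and communication steps are run on both sides to check that the reducts stay related by the interpretation. The tuple encoding and all function names are assumptions; only top-level communication is implemented (no τ steps, no reduction under ν or !), and substitution assumes bound names differ from the names received.

```python
# pi terms:  ("nil",)  ("out", x, y)  ("in", x, y, P)  ("tau", P)
#            ("par", P, Q)  ("nu", x, P)  ("rep", P)
# LCC terms: ("tell", c)  ("ask", vars, c, P)  ("par", P, Q)
#            ("ex", x, P)  ("bang", P)
# constraints c: ("one",) or ("gamma", x, y)

def translate(p):
    """LCC interpretation of a pi-process: one LCC construct per pi construct."""
    tag = p[0]
    if tag == "nil":
        return ("tell", ("one",))
    if tag == "out":
        return ("tell", ("gamma", p[1], p[2]))
    if tag == "tau":
        return ("ask", (), ("one",), translate(p[1]))
    if tag == "in":
        return ("ask", (p[2],), ("gamma", p[1], p[2]), translate(p[3]))
    if tag == "par":
        return ("par", translate(p[1]), translate(p[2]))
    if tag == "nu":
        return ("ex", p[1], translate(p[2]))
    if tag == "rep":
        return ("bang", translate(p[1]))
    raise ValueError(tag)

def subst(t, old, new):
    """Replace free occurrences of name `old` by `new` (works on both syntaxes)."""
    tag = t[0]
    if tag in ("nu", "ex"):                      # binder for t[1]
        return t if t[1] == old else (tag, t[1], subst(t[2], old, new))
    if tag == "in":                              # x(y).P binds y in P
        chan = new if t[1] == old else t[1]
        body = t[3] if t[2] == old else subst(t[3], old, new)
        return (tag, chan, t[2], body)
    if tag == "ask":                             # forall vars (c -> P)
        if old in t[1]:
            return t
        return (tag, t[1], subst(t[2], old, new), subst(t[3], old, new))
    return (tag,) + tuple(subst(a, old, new) if isinstance(a, tuple)
                          else (new if a == old else a) for a in t[1:])

def flatten(t):
    """Top-level parallel components, left to right."""
    return flatten(t[1]) + flatten(t[2]) if t[0] == "par" else [t]

def pi_step(parts):
    """One communication: out(x, b) meets in(x, y, P), leaving P{b/y}."""
    for i, m in enumerate(parts):
        for j, r in enumerate(parts):
            if m[0] == "out" and r[0] == "in" and m[1] == r[1]:
                rest = [q for k, q in enumerate(parts) if k not in (i, j)]
                return rest + flatten(subst(r[3], r[2], m[2]))
    return None

def lcc_step(parts):
    """One synchronisation: tell gamma(x, b) is consumed by forall y (gamma(x, y) -> P)."""
    for i, m in enumerate(parts):
        for j, r in enumerate(parts):
            if (m[0] == "tell" and m[1][0] == "gamma" and r[0] == "ask"
                    and r[2][0] == "gamma" and r[1] == (r[2][2],)
                    and r[2][1] != r[2][2] and r[2][1] == m[1][1]):
                rest = [q for k, q in enumerate(parts) if k not in (i, j)]
                return rest + flatten(subst(r[3], r[1][0], m[1][2]))
    return None

def lockstep(p, limit=20):
    """Run both sides together; return (still related?, communications done)."""
    pi_parts, lcc_parts = flatten(p), flatten(translate(p))
    for steps in range(limit):
        if [translate(q) for q in pi_parts] != lcc_parts:
            return False, steps
        nxt_pi, nxt_lcc = pi_step(pi_parts), lcc_step(lcc_parts)
        if nxt_pi is None or nxt_lcc is None:
            return nxt_pi is None and nxt_lcc is None, steps
        pi_parts, lcc_parts = nxt_pi, nxt_lcc
    return True, limit

# Constructed sample: send b on a; the receiver forwards c on the received name.
SAMPLE = ("par", ("out", "a", "b"),
          ("par", ("in", "a", "y", ("par", ("out", "y", "c"), ("tau", ("nil",)))),
                  ("in", "b", "z", ("out", "z", "d"))))

if __name__ == "__main__":
    print(lockstep(SAMPLE))
```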

The following theorem states that may testing equivalence, labeled bisimilarity, 
and barbed congruence are instances of equivalence relations we defined for LCC. 

Theorem 4.3

Let = {3y.^{x,y) | a; G V \ {y}} and = U {-i{x,y) \ xy e V}. For all 
π-processes P and Q we have:

P ^„ g if and only if {P}^ ~2,,c, IQL- 
P g if and only if [P^ «I5;C„ IQ\- 
P^^Qii and only if [P]^ ^j,„c„ IQh- 

5 Observational equivalence relations for CC framework 

5.1 Observational equivalence relations for classical CC 

LCC languages are refinements of CC languages. Indeed the monotonicity of the 
CC store can simply be restored with the exponential connective ! of linear logic, 
allowing duplication of hypotheses and thus avoiding constraint consumption dur- 
ing synchronization (Fages et al. 2001). Hence, all the observational equivalence 
relations we defined for LCC can be transposed effortlessly to classical CC. That is
particularly interesting, since few attempts can be found in the literature to endow 
CC with process equivalence techniques. 

In order to further discuss properties of the resulting relations, we will not enter
into the details of a particular encoding of CC into LCC, but just assume that the
encoding of classical constraints respects two reasonable properties. We will say that
a linear constraint $c$ is classical within the linear constraint system $\mathcal{C}$ (or $\mathcal{C}$-classical
for short), if it can be both logically weakened (i.e. $c \vdash_{\mathcal{C}} 1$), and deduced without
weakening the hypotheses (i.e. for any $d$, if $d \vdash_{\mathcal{C}} c \otimes \top$, then $d \vdash_{\mathcal{C}} c \otimes d$). We note
$\mathcal{C}_c$ the set of $\mathcal{C}$-classical constraints. Assuming that processes deal with classical
constraints, we are able to prove some interesting laws. It must be underlined that,
in the full generality of LCC, none of them holds.

Proposition 5.1 

Let $c$, $c'$, $d$, and $d'$ be four C-classical constraints satisfying $c \vdash_{\mathcal{C}} c'$ and $d \vdash_{\mathcal{C}} d'$.
For any constraint e, all variables x not free in d, and all processes P and Q, the 
following relations hold: 
(1) Vx(c^7)eiccT (2) yx{c^J)'^ccy^{c^'cWe) 

(3) Vx(c^e) ??^cc Vx(c^FW7) (4) {{c ^d) \ {c^d')) ^cc {c ^d) 

(5) (d^Vx(e-^P)) Vx(d®e^P) (6) \ {c^ P) ^cc {c^\P) 

(7) ((c^P) I (c^Q)) ^cc (c^(P|Q)) (8) {c^G + c^H) ^cc {c^{G+H)) 

The proof of the proposition relies on the following lemma, which states that a process
emits classical constraints without weakening itself.

Lemma 5.2 

Let $\mathcal{D}$ and $\mathcal{E}$ be two sets of constraints, P and P' two processes and c a C-classical
constraint. If P Ac P' then P =c P' . 

The may-testing relation coincides with an equivalence used by Saraswat 
to connect operational and denotational semantics of CC (Saraswat et al. 1991). 
Weaker versions of laws (1) to (6) are proved indirectly for this relation. Saraswat 
has also defined a bisimulation semantics for CC (Saraswat and Rinard 1990). 
The bisimulation he proposed is strong (i.e. it is based on $\xrightarrow{\alpha}_{\mathcal{C}}$ instead of $\stackrel{\alpha}{\Rightarrow}_{\mathcal{C}}$),
and is therefore maybe too discriminative for an asynchronous framework such as 
CC. For instance, none of the above laws, except (2), can hold for any reasonable 
notion of strong bisimulation. This difference aside, Saraswat's bisimulation seems 
still too discriminative. Indeed, on contrary to =c^Co^ it distinguishes processes 
like $(x < 1 \to \overline{c}) \mid (x < 2 \to \overline{c})$ and $(x < 2 \to \overline{c}) \mid (x < 2 \to \overline{c})$ (where $x < y$ is the usual
arithmetic inequality constraint), whereas there is no reasonable justification to do
so (in both strong and weak case).



5.2 Observational equivalence relations for CHR 

The Constraint Handling Rules (CHR) programming language (Frühwirth 2009) is
a multiset rewriting language over first-order terms with constraints over arbitrary 
mathematical structures. Initially introduced for programming constraint solvers, 
CHR has evolved since to a programming language in its own right. 



5.2.1 Constraint Handling Rules Syntax 

The formalization of CHR assumes a language of built-in constraints containing 
the equality =, false, and true over some theory CT and defines user-defined 
constraints using a different set of predicate symbols. We require the non-logical 
axioms of CT to be formulas of the form $\forall(C \to \exists Z.D)$, where both C and D
stand for possibly empty conjunctions of built-in constraints. Constraint theories 
satisfying such requirements correspond to Saraswat's simple constraints systems 
(1991). 

A CHR program is a finite set of eponymous rules of the form $(r \;@\; K \backslash H \Longleftrightarrow G \mid C, B)$,
where K, H are multisets of user-defined constraints, called kept head and
removed head respectively, G is a conjunction of built-in constraints called guard, C 
is a conjunction of built-in constraints, B is a multiset of user-defined constraints, 
and r is an arbitrary identifier assumed unique in the program called rule name. 
Rules where both heads are empty are prohibited. The empty guard true can be 
Built-in const. (ciA---Ac„)^ = 

CHR const. {di,...,d„)^ = 

Rules r ® (]K\e G 1 B)^ = 

Program {ri,...,rn}^ = 

State {E;C;X)° = 




!ci (gi • • • ig)!c, 
di (g) • • • ® dr 



3 (E^(giC^) 



!V(K^ (g) (8) 3y(K^(g)G^ig)B'<)) 



where Y = (fv(G,B) \ fv(H,K)) and Z = 



(fv(E,C)\X). 



Table 2. Translation from CHR to LCC 



omitted together with the symbol |. Similarly, empty keptheads can be omitted 
together with the symbol \. Propagation rules (i.e. rules with empty removed head) 
can be written using the alternative syntax: r @ K G | C, B. A state is a tuple 
(C; E; X), where C is a multiset of CHR constraints, E is a conjunction of built-in 
constraints, and X is a set of variables. 



5.2.2 From Constraints Handling Rules to Linear Logic CC

In a recent paper, Martinez (2010) has proposed a translation from CHR to a subset
of LCC (and vice versa) that preserves language semantics with strong bisimilarity.
This result allows us to transpose straightforwardly our different notions of
observational equivalence to CHR. To the best of our knowledge, it is the first
attempt to provide CHR with such equivalence techniques.

In Table 2, we recall Martinez's LCC interpretation of basic CHR constructs.
A CHR state $\sigma$ together with a CHR program $\mathcal{P}$ are interpreted as
the process $(\sigma^{\ddagger} \mid \mathcal{P}^{\ddagger})$. The constraint
theory, CT, is translated using a standard translation of intuitionistic logic
into linear logic. More precisely, in the remainder of this section,
$(\mathcal{C}, \Vdash_{\mathcal{C}})$ is the constraint system, where $\mathcal{C}$
is built from the built-in and CHR constraints and $\Vdash_{\mathcal{C}}$ is
defined by: $\forall(C \to \exists X.D) \in CT$ if and only if
$C^{\ddagger} \Vdash_{\mathcal{C}} \exists X.D^{\ddagger}$.

Due to space limitation, we do not recall the operational semantics of CHR,
but use translations of CHR as particular instances of LCC processes. Thanks
to Martinez's semantics preservation theorem (2010), we can do so without loss of
generality as far as the CHR abstract semantics is concerned. In fact, we know that
for any CHR state $\sigma$ and any CHR program $\mathcal{P}$, {a^ ,V^) Q if and only
if $\sigma$ can be rewritten by $\mathcal{P}$ (w.r.t. CHR abstract semantics) to a
state $\sigma'$ s.t. Q = {a'^ , 'P^)- For the sake of conciseness, we will write
$\sigma \mapsto_{\mathcal{P}} \sigma'$ for (ct^ \'P^) =5>c (c^ I'P^)-



5.2.3 Confluence up to

Confluence is an important property for CHR programs, which ensures that any
computation for a goal results in the same final state (i.e. modulo the structural
equivalence =c) no matter which of the applicable rules are used. Here we propose
a straightforward extension, called confluence up to, where structural equivalence
is replaced by an observational one. The resulting notion differs from the so-called
observable confluence (Duck et al. 2007) in the following sense: Observable
confluence consists of proving that a program is confluent on an interesting subset
of the states, while confluence up to consists of proving that a (possibly nowhere
confluent) program is apparently confluent to an external observer.

Definition 5.3 (Confluence up to)

Let V and £ be two sets of linear constraints. A CHR program V is confluent up to 
=xis if whenever a i-?-^ cti and a a2, there exist ai and (72 such that cti i->-p a[, 
(72 a'„ and {a'^^^im ^vs 

The following proposition states that CHR transitions w.r.t. a confluent program
are not observable by any barbed congruences observing only classical constraints.
The choice of limiting observation to classical constraints makes sense since CHR
programs are usually embedded in a (host language) module that prohibits an
external observer from synchronizing on internal CHR constraints; the observer can
only post CHR constraints using the module interface. As is the case for Prop. 5.1,
the proof relies on Lemma 5.2.

Proposition 5.4 

Let Cc be a set of C-classical constraints and T> a set of linear constraints. If V is 
confluent up to =c^v then (a^'lV) P implies {cr'' \V)=e,T> P- 

As a corollary, we obtain that barbed congruences and may-testing equivalences
coincide when they observe only classical (i.e. built-in) constraints. This supports
the intuitive idea that a confluent program has the same meaning in the
"backtracking" and the "committed choice" execution paradigms - bearing in mind that
both relations are the respective instances of observation equivalences for these
paradigms.

Corollary 5.5 

Let Cc be a set of C-classical constraints. Let P and V' be two CHR programs 
confluent up to =CcV- For all states a and a', {a^ \P^) —CcV (f'^ \P'^) if and only 
if (aX|7'X)^C,p (a'x|rx) 

5.2.4 Application 

Observational equivalences are commonly used to prove correctness of a realistic (or
efficient) implementation w.r.t. a given specification. See, for instance, numerous
examples in Milner's book (1989). Here, we illustrate such a use in the context of
CHR. For instance, let us assume given the following specification program
$\mathcal{P}_s$:

symmetry @ $eq(x, y) \Longrightarrow eq(y, x)$
transitivity @ $eq(x, y), eq(y, z) \Longrightarrow eq(x, z)$
decompose @ $eq(t(x_f, x_l, x_r), t(y_f, y_l, y_r)) \Longrightarrow x_f = y_f, eq(x_l, y_l), eq(x_r, y_r)$

One can be easily convinced that this program specifies a Rational Terms (RT)
solver limited to labelled binary trees: A binary node is represented by a term
$t(x_f, x_l, x_r)$, where $x_f$ is a label (or functor), and $x_l$, $x_r$ are the
left and right subtrees, respectively. Here, we aim at providing a program
observationally equivalent to $\mathcal{P}_s$ that is usable in practice. As argued
previously, since a CHR solver is typically isolated in a host module, it is
reasonable to restrict the power of the observer such that it cannot observe CHR
constraints and can post only public (or exported) CHR constraints. Hence, we
choose Cc and Cl"^ = Cc U (where C*' is the set of constraints of the form
$eq(s, t)$) as input and output filters, respectively. Since CHR is a committed
choice language, we have to provide a program CcCc'-barbed congruent with
$\mathcal{P}_s$.

A possible implementation for the RT problem has been proposed by Frühwirth
(2009). This program uses extra-logical constraints such as var/1. Here we prefer
writing pure programs, since the status of the extra-logical constraints is not firmly
defined in the theoretical semantics. For this reason, we propose the program
$\mathcal{P}_1$ given below. To solve the problem, this program roughly emulates
Prolog's unification algorithm (Aït-Kaci 1991): a constraint $eq(t, s)$ encodes an
equation to be solved, and a constraint $x \to t$ encodes the unification (or the
binding) of a variable $x$ with a term $t$. We argue that $\mathcal{P}_1$ is more
realistic than $\mathcal{P}_s$ since it terminates under the refined semantics of
CHR (Duck et al. 2004), which selects rules in the syntactical order, whereas
$\mathcal{P}_s$ has no terminating derivation.

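reflex @ $eq(x, x) \Longleftrightarrow true$.
decompose @ $eq(t(x_f, x_l, x_r), t(y_f, y_l, y_r)) \Longleftrightarrow x_f = y_f, eq(x_l, y_l), eq(x_r, y_r)$.
orient @ $eq(t(x_f, x_l, x_r), y) \Longleftrightarrow eq(y, t(x_f, x_l, x_r))$.
deref_left @ $x \to z \backslash eq(x, y) \Longleftrightarrow eq(z, y)$.
deref_right @ $y \to z \backslash eq(x, y) \Longleftrightarrow eq(x, z)$.
unif @ $eq(x, y) \Longleftrightarrow x \to y$.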
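
The six rules above (reflex through unif), tried in textual order on one active equation at a time, can be simulated as follows. This is an added Python illustration, not code from the paper; it assumes variables are strings, a node t(f, l, r) is the tuple ("t", f, l, r) with a constant label f, and a step bound that is not part of the rules.

```python
# Added illustration: a simplified, single-active-constraint reading of the
# refined semantics for the rules reflex, decompose, orient, deref_left,
# deref_right and unif. Encoding (an assumption of this example): variables are
# str, a node t(f, l, r) is the tuple ("t", f, l, r), labels f are constants.

def is_tree(u):
    return isinstance(u, tuple)

def solve(equations, max_steps=1000):
    """Return the bindings {x: term} (the x -> t constraints), or None when the
    built-in equality x_f = y_f fails, i.e. the store becomes false."""
    todo = list(reversed(equations))   # stack: the leftmost equation runs first
    bind = {}
    for _ in range(max_steps):         # step bound: assumption of this example
        if not todo:
            return bind
        a, b = todo.pop()
        if a == b:                                   # reflex
            continue
        if is_tree(a) and is_tree(b):                # decompose
            if a[1] != b[1]:                         # x_f = y_f is false
                return None
            todo += [(a[3], b[3]), (a[2], b[2])]     # left subtree runs first
        elif is_tree(a):                             # orient (b is a variable)
            todo.append((b, a))
        elif a in bind:                              # deref_left
            todo.append((bind[a], b))
        elif b in bind:                              # deref_right
            todo.append((a, bind[b]))
        else:                                        # unif
            bind[a] = b
    raise RuntimeError("step bound reached")

# Constructed sample queries.
T1 = ("t", "a", "y", "z")
T2 = ("t", "a", "u", ("t", "b", "v", "v"))
CYCLIC = ("t", "a", "x", "y")          # x = t(a, x, y): a rational tree

if __name__ == "__main__":
    print(solve([("x", T1), ("x", T2)]))
    print(solve([("x", T1), ("x", ("t", "b", "y", "z"))]))
    print(solve([("x", CYCLIC), ("x", ("t", "a", CYCLIC, "y"))]))
```

The third query binds x to a term containing x itself and still reduces to a single binding, because deref_left followed by reflex discharges the unfolded equation.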

Unfortunately, $\mathcal{P}_1$ is not CcCc'^-barbed congruent with the specification $\mathcal{P}_s$. For 
instance, for any as s.t. {eq{x,t{a,y, z)),eq{x,t{a,y, z)),true,^) h-)-^^ as, we have 
false e O'^^iaslVs), but for ai = {x —> t{a,y,z)),x — > t(a, y, z)), true, 0), we have 
(eq(a;,t(a, i/,2:)),eq(a;,t(a, ?/,2:)),true,0) Ui and false ^ 0'^'= (erf |Pf ). One simple 
idea to circumvent this problem is to "complete" $\mathcal{P}_1$ (Abdennadher and
Frühwirth 1998) (i.e. to make it confluent by adding new rules). For instance, one
can add at the end of $\mathcal{P}_1$ the following rules. Intuitively these rules
"repair" states that do not respect the binding invariant (i.e. only variables are
bound, only once, and not to themselves), which is normally preserved by the
refined semantics, as long as the observer does not perform built-in unification.

repair_1 @ $t(x_f, x_l, x_r) \to y \Longleftrightarrow eq(y, t(x_f, x_l, x_r))$.
repair_2 @ $x \to y \backslash x \to z \Longleftrightarrow eq(x, z)$.
repair_3 @ $x \to x \Longleftrightarrow true$.

The resulting program Vt is confluent up to —c^c^ and CcCc'-barbed congruent
with $\mathcal{P}_s$. The proof can be sketched as follows: Assume the function O'**
defined on atomic constraints as c^** = eq(t, s) if c is of the form (t -> s), or
c'** = c otherwise. Consider the relation $\mathcal{R}$ = {(P^ |c), (P^ |c°')|c € C}
where ()°' is extended to non-atomic constraints in the straightforward way. First,
we prove by coinductive reasoning on the transition from (P^ |c) that $\mathcal{R}$
is a CcCc''-bisimulation, or thanks to Thm. 3.8 a CcCj'^-barbed congruence. Then, by
using a straightforward extension of strong confluence for abstract rewriting
systems (Huet 1980), we show that Vt is confluent up to $\mathcal{R}$, i.e.,
confluent up to =c^cl'^- Finally, we demonstrate by a structural induction on the
CcCc'^-contexts that V* —c^cl'^ "Ps, or thanks to Coro. 5.5,
Therefore, Vt is a correct implementation of $\mathcal{P}_s$. But, since we have
proven that is also confluent, we know it can be interpreted under any rule
selection strategy (in particular, under the one of the refined semantics) without
losing completeness. For this reason, and because the "repair" rules are never
called under the refined semantics as long as the observer does not perform
built-in unification, $\mathcal{P}_1$ interpreted in the refined semantics is also
a correct implementation of $\mathcal{P}_s$. Note that Frühwirth's RT also cannot
deal with built-in unifications because of the non-monotonicity of extra-logical
constraints, while P* can.

To the best of our knowledge, the only existing notion of equivalence for CHR
programs that can be related to observation equivalences is the so-called operational
equivalence (Abdennadher and Frühwirth 1999). This notion means that given two
confluent and terminating programs, the computation of a query in both programs
terminates in the same state. Nonetheless, we argue that observable equivalences
are more general than operational equivalence, since they can also be applied to
programs such as V* which is non-terminating, non-confluent, and whose final states
contain distinct CHR constraints.

6 Conclusion 

In the first part of this paper we have defined and investigated a structural op- 
erational semantics for LCC with quantified ask and replication. In light of this 
new semantics, we have proposed and studied several observational equivalence re- 
lations. To the best of our knowledge, it is the first attempt to provide LCC with 
such tools, even though it was identified early on as a worthwhile goal of investiga- 
tion by Ruet (Ruet and Fages 1997). 

In the second part of this paper, we related LCC and its observational equivalence
to asynchronous process and CC frameworks. In particular, we have shown that the
asynchronous $\pi$-calculi can be viewed as subcalculi of LCC. We have shown,
moreover, that some of the usual observational equivalence relations defined for
this calculus are particular instances of the ones we have defined for LCC. Finally,
we have shown that LCC observational equivalences can be transposed
straightforwardly to classical CC and CHR. We have demonstrated some interesting
properties of the resulting equivalences. In particular, we have studied the
relation between barbed-congruence and confluence of CHR programs. We also
illustrated how barbed-congruence can be used to prove realistic implementations of
constraint solvers correct w.r.t. a simple specification.

An immediate further work could be to investigate the properties of the
observational equivalence relations presented here. For instance, establishing
sufficient conditions to ensure that observational equivalences are full
congruences would be
interesting. It should also be worthwhile to formally compare LCC with more exotic 
asynchronous calculi, such as hybrid process calculi with constraints (Diaz et al. 
1998; Parrow and Victor 1998; Gilbert and Palamidessi 2000; Buscemi and Monta- 
nari 2007) or extended calculi with security primitives (Abadi et al. 2000), where 
the linear constraint system would play a more prominent role. Finally, the further 
investigation of CHR bisimulation seems promising. 